This article has been build with the greatly appreciated assistance and input of José Carrilho.
This article is part of a set troubleshooting articles, containing:
When you try to install a (or any) hotfix on a FIM or MIM 2016 server or component, you might run into a situation where the installation seems to run fine until the very last second and then the wizard starts a rollback.
Certainly, when you start the setup, msi or msp (patch) directly without any logging parameters, you will hardly get any information on the root cause.
Therefore it's wise to start the setup or hotfix installation with verbose logging.
Use this article to install the hotfix with verbose logging: FIM Troubleshooting: Attempted to perform an unauthorized operation.
As explained by Tim:
msiexec.exe /p <name of msp file> /l*v mylog.txt
The log might have a very high volume of information.
Below you find some useful phrases of information that should give you some indicators or easy search components to look for.
DEBUG: Error 2746: Transform EVAL.1 invalid for package C:\WINDOWS\Installer\535989.msi. Expected product {AB9663A3-2B61-44C7-8A64-358EC72934E6}, found product {0782FB14-023A-430F-B0D5-4AE1D1CCFCAA}.
DEBUG: Error 2746: Transform EVAL.1 invalid for package C:\WINDOWS\Installer\599fa.msi. Expected product {AB9663A3-2B61-44C7-8A64-358EC72934E6}, found product {0782FB14-023A-430F-B0D5-4AE1D1CCFCAA}.
Keywords:
MSI (s) (20:88) [19:59:55:711]: Skipping action: CheckFarmAdministratorWithOpenPermissionForSharePoint2007Or2010 (condition is false)
[5664]: Assembly Install: Failing with hr=800700b7 at FusionMoveDirectory, line 3310
Keyword:
[5664]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 396
Product: Microsoft Identity Manager Service and Portal - Update 'MIM Service & Portal Hotfix KB 3201389' could not be installed. Error code 1603. Additional information is available in the log file C:\FIM\Sources\SP1\4.4.1302 HF\hotfix.log. MSI (c) (60:18) [10:05:41:437]: Windows Installer installed an update. Product Name: Microsoft Identity Manager Service and Portal. Product Version: 4.4.1302.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Update Name: MIM Service & Portal Hotfix KB 3201389. Installation success or error status: 1603.
MSI (c) (60:18) [10:05:41:437]: Product: Microsoft Identity Manager Service and Portal -- Configuration failed.
MSI (c) (60:18) [<time>]: Windows Installer reconfigured the product. Product Name: Microsoft Identity Manager Service and Portal. Product Version: 4.4.1302.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 1603.
MSI (s) (F0:B4) [14:28:29:652]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI26CF.tmp, Entrypoint: CAQuietExec
CAQuietExec: Microsoft.IdentityManagement.SolutionPackUtility.exe will deploy and/or retract the FIM solution packs. This operation may take long time in a SharePoint farm environment.
CAQuietExec: Executing all administrative timer jobs in preparation for FIM solution pack retraction.
CAQuietExec: Removing feature for microsoftidentitymanagement.wsp
CAQuietExec: An exception occurred while running Microsoft.IdentityManagement.SolutionPackUtility.exe: Attempted to perform an unauthorized operation.
CAQuietExec: An error occurred while retracting FIM portal solution packs.
CAQuietExec: Error 0xfffffffa: Command line returned an error.
CAQuietExec: Error 0xfffffffa: CAQuietExec Failed
CustomAction PatchRemoveFIMPortal returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Check that there are no DCOM errors (event id 10016)
Solutions:
Source: forum post: Issue when trying to apply hotfix update KB3134725 for FIMService
As explained in the forum post: check the format of the service logon ID as configured in the FIM Service.
Root cause: "login info that runs the services wasn't in the correct format. The default install had it like servicename@domain.net, but it needed to be domain\servicename."
Make sure the installer account has the proper SharePoint Farm admin rights.
Use this article to install to fix the rights: FIM Troubleshooting: Attempted to perform an unauthorized operation.